Required TODOs:
- embedded libfdt is outdated and well, embedded. Please build and link
  against the libfdt1 / libfdt-dev that is in main.


Cannot do =)

opensbi is firmware. It runs in a different RISC-V mode - machine, not
user. This code is compiled freestanding, without pic/pie, without stack
protection, and without a requirement to have libc. One can notice that
there is a libfdt_env.h header to remap functions that look like
standard ones (memcpy and the like).

It would be nice if I could build-depend on the libfdt-dev source package +
built-using. That way any CVEs would leave enough breadcrumbs to follow.

But this is no different to how grub2 vendorizes lzo, gcrypt, and a few
other things, all of which are rebuilt freestanding. So at best I can
notify the security team to add an embedded source copy mapping.

W.r.t. being out of date I see that upstream did import 1.5.1 but not
1.6.0. I can work with them to update to 1.6.0 at least.

-- 
https://bugs.launchpad.net/bugs/1906668

Title:
  [MIR] opensbi
